lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7a1f68b7-c23b-11e2-befc-105b995da89f@gmail.com>
Date:   Wed, 26 Aug 2020 18:26:36 +0200
From:   Heiner Kallweit <hkallweit1@...il.com>
To:     Sascha Hauer <s.hauer@...gutronix.de>, netdev@...r.kernel.org
Cc:     Andrew Lunn <andrew@...n.ch>,
        Florian Fainelli <f.fainelli@...il.com>, kernel@...gutronix.de
Subject: Re: [PATCH] net: mdiobus: fix device unregistering in
 mdiobus_register

On 26.08.2020 11:51, Sascha Hauer wrote:
> __mdiobus_register() can fail between calling device_register() and
> setting bus->state to MDIOBUS_REGISTERED. When this happens the caller
> will call mdiobus_free() which then frees the mdio bus structure. This
> is not allowed as the embedded struct device is already registered, thus
> must be freed dropping the reference count using put_device(). To
> accomplish this set bus->state to MDIOBUS_UNREGISTERED after having
> registered the device. With this mdiobus_free() correctly calls
> put_device() instead of freeing the mdio bus structure directly.
> 
> Signed-off-by: Sascha Hauer <s.hauer@...gutronix.de>
> ---
>  drivers/net/phy/mdio_bus.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
> index 0af20faad69d..85cbaab4a591 100644
> --- a/drivers/net/phy/mdio_bus.c
> +++ b/drivers/net/phy/mdio_bus.c
> @@ -540,6 +540,8 @@ int __mdiobus_register(struct mii_bus *bus, struct module *owner)
>  		return -EINVAL;
>  	}
>  
> +	bus->state = MDIOBUS_UNREGISTERED;
> +
>  	mutex_init(&bus->mdio_lock);
>  	mutex_init(&bus->shared_lock);
>  
> 
I see the point. If we bail out after having called device_register()
then put_device() has to be called. This however isn't done by
mdiobus_free() if state is MDIOBUS_ALLOCATED. So I think the idea is
right. However we have to call put_device() even if device_register()
fails, therefore setting state to MDIOBUS_UNREGISTERED should be
moved to before calling device_register().

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ